gitea-mirror/git-crypt
1
0
Fork 0
mirror of https://github.com/AGWA/git-crypt.git synced 2026-01-02 00:00:12 -08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: gitea-mirror:0.4.1
Branches Tags
gitea-mirror:master gitea-mirror:pristine-tar gitea-mirror:skip_empty gitea-mirror:debian
gitea-mirror:0.8.0 gitea-mirror:0.7.0 gitea-mirror:debian/0.6.0-1 gitea-mirror:0.6.0 gitea-mirror:debian/0.5.0-2 gitea-mirror:debian/0.5.0-1 gitea-mirror:0.5.0 gitea-mirror:debian/0.4.2-1_agwa1 gitea-mirror:0.4.2 gitea-mirror:0.4.1 gitea-mirror:0.4 gitea-mirror:debian/0.3-1 gitea-mirror:0.3 gitea-mirror:0.2 gitea-mirror:0.1
..
compare: gitea-mirror:debian/0.3-1
Branches Tags
gitea-mirror:master gitea-mirror:pristine-tar gitea-mirror:skip_empty gitea-mirror:debian
gitea-mirror:0.8.0 gitea-mirror:0.7.0 gitea-mirror:debian/0.6.0-1 gitea-mirror:0.6.0 gitea-mirror:debian/0.5.0-2 gitea-mirror:debian/0.5.0-1 gitea-mirror:0.5.0 gitea-mirror:debian/0.4.2-1_agwa1 gitea-mirror:0.4.2 gitea-mirror:0.4.1 gitea-mirror:0.4 gitea-mirror:debian/0.3-1 gitea-mirror:0.3 gitea-mirror:0.2 gitea-mirror:0.1

1 Commits
0.4.1 ... debian/0.3

Author SHA1 Message Date
Andrew Ayer
6b78ef0548 Add initial Debian packaging 2014-03-29 17:39:53 -07:00
38 changed files with 519 additions and 4105 deletions
Expand all files Collapse all files

1
.gitattributes vendored
View File

@@ -1 +0,0 @@
.git* export-ignore

25
CONTRIBUTING.md
View File

@@ -1,25 +0,0 @@
Thanks for your interest in contributing to git-crypt! git-crypt is
open source software and welcomes contributions in the form of code,
documentation, bug reports, or anything else that improves git-crypt.
When contributing code, please consider the following guidelines:
* You are encouraged to open an issue on GitHub or send mail to
git-crypt-discuss@lists.cloudmutt.com to discuss any non-trivial
changes before you start coding.
* Please mimic the existing code style as much as possible. In
particular, please indent code using tab characters with a width
of 8.
* To minimize merge commits, please rebase your changes before opening
a pull request.
* To submit your patch, open a pull request on GitHub or send a
properly-formatted patch to git-crypt-discuss@lists.cloudmutt.com.
Finally, be aware that since git-crypt is security-sensitive software,
the bar for contributions is higher than average. Please don't be
discouraged by this, but be prepared for patches to possibly go through
several rounds of feedback and improvement before being accepted.
Your patience and understanding is appreciated.

27
INSTALL
View File

@@ -20,30 +20,3 @@ The Makefile is tailored for g++, but should work with other compilers.
It doesn't matter where you install the git-crypt binary - choose wherever
is most convenient for you.
BUILDING A DEBIAN PACKAGE
Debian packaging can be found in the 'debian' branch of the project
Git repository. The package is built using git-buildpackage as follows:
$ git checkout debian
$ git-buildpackage -uc -us
INSTALLING ON MAC OS X
Using the brew package manager, simply run:
$ brew install git-crypt
EXPERIMENTAL WINDOWS SUPPORT
git-crypt should build on Windows with MinGW, although the build system
is not yet finalized so you will need to pass your own CXX, CXXFLAGS, and
LDFLAGS variables to make. Additionally, Windows support is less tested
and does not currently create key files with restrictive permissions,
making it unsuitable for use on a multi-user system. Windows support
will mature in a future version of git-crypt. Bug reports and patches
are most welcome!

53
INSTALL.md
View File

@@ -1,53 +0,0 @@
Dependencies
------------
To use git-crypt, you need:
* Git 1.6.0 or newer
* OpenSSL
* For decrypted git diff output, Git 1.6.1 or newer
* For decrypted git blame output, Git 1.7.2 or newer
To build git-crypt, you need a C++ compiler and OpenSSL development
headers.
Building git-crypt
------------------
The Makefile is tailored for g++, but should work with other compilers.
make
cp git-crypt /usr/local/bin/
It doesn't matter where you install the git-crypt binary - choose
wherever is most convenient for you.
Building A Debian Package
-------------------------
Debian packaging can be found in the 'debian' branch of the project Git
repository. The package is built using git-buildpackage as follows:
git checkout debian
git-buildpackage -uc -us
Installing On Mac OS X
----------------------
Using the brew package manager, simply run:
brew install git-crypt
Experimental Windows Support
----------------------------
git-crypt should build on Windows with MinGW, although the build system
is not yet finalized so you will need to pass your own CXX, CXXFLAGS, and
LDFLAGS variables to make. Additionally, Windows support is less tested
and does not currently create key files with restrictive permissions,
making it unsuitable for use on a multi-user system. Windows support
will mature in a future version of git-crypt. Bug reports and patches
are most welcome!

22
Makefile
View File

@@ -1,31 +1,19 @@
CXX := c++
CXXFLAGS := -Wall -pedantic -Wno-long-long -O2
LDFLAGS :=
CXXFLAGS := -Wall -pedantic -ansi -Wno-long-long -O2
LDFLAGS := -lcrypto
PREFIX := /usr/local
OBJFILES = \
git-crypt.o \
commands.o \
crypto.o \
gpg.o \
key.o \
util.o \
parse_options.o
OBJFILES += crypto-openssl.o
LDFLAGS += -lcrypto
OBJFILES = git-crypt.o commands.o crypto.o util.o
all: git-crypt
git-crypt: $(OBJFILES)
$(CXX) $(CXXFLAGS) -o $@ $(OBJFILES) $(LDFLAGS)
util.o: util.cpp util-unix.cpp util-win32.cpp
$(CXX) $(CXXFLAGS) -o $@ $^ $(LDFLAGS)
clean:
rm -f *.o git-crypt
install: git-crypt
install:
install -m 755 git-crypt $(DESTDIR)$(PREFIX)/bin/
.PHONY: all clean install

23
NEWS
View File

@@ -1,26 +1,3 @@
v0.4.1 (2015-01-08)
* Important usability fix to ensure that the .git-crypt directory
can't be encrypted by accident (see RELEASE_NOTES-0.4.1.md for
more information).
v0.4 (2014-11-16)
(See RELEASE_NOTES-0.4.md for important details.)
* Add optional GPG support: GPG can be used to share the repository
between one or more users in lieu of sharing a secret key.
* New workflow: the symmetric key is now stored inside the .git
directory. Although backwards compatibility has been preserved
with repositories created by old versions of git-crypt, the
commands for setting up a repository have changed. See the
release notes file for details.
* Multiple key support: it's now possible to encrypt different parts
of a repository with different keys.
* Initial 'git-crypt status' command to report which files are
encrypted and to fix problems that are detected.
* Numerous usability, documentation, and error reporting improvements.
* Major internal code improvements that will make future development
easier.
* Initial experimental Windows support.
v0.3 (2013-04-05)
* Fix 'git-crypt init' on newer versions of Git. Previously,
encrypted files were not being automatically decrypted after

44
NEWS.md
View File

@@ -1,44 +0,0 @@
News
====
######v0.4.1 (2015-01-08)
* Important usability fix to ensure that the .git-crypt directory
can't be encrypted by accident (see
[the release notes](RELEASE_NOTES-0.4.1.md) for more information).
######v0.4 (2014-11-16)
(See [the release notes](RELEASE_NOTES-0.4.md) for important details.)
* Add optional GPG support: GPG can be used to share the repository
between one or more users in lieu of sharing a secret key.
* New workflow: the symmetric key is now stored inside the .git
directory. Although backwards compatibility has been preserved
with repositories created by old versions of git-crypt, the
commands for setting up a repository have changed. See the
release notes file for details.
* Multiple key support: it's now possible to encrypt different parts
of a repository with different keys.
* Initial `git-crypt status` command to report which files are
encrypted and to fix problems that are detected.
* Numerous usability, documentation, and error reporting improvements.
* Major internal code improvements that will make future development
easier.
* Initial experimental Windows support.
######v0.3 (2013-04-05)
* Fix `git-crypt init` on newer versions of Git. Previously,
encrypted files were not being automatically decrypted after running
`git-crypt init` with recent versions of Git.
* Allow `git-crypt init` to be run even if the working tree contains
untracked files.
* `git-crypt init` now properly escapes arguments to the filter
commands it configures, allowing both the path to git-crypt and the
path to the key file to contain arbitrary characters such as spaces.
######v0.2 (2013-01-25)
* Numerous improvements to `git-crypt init` usability.
* Fix gitattributes example in [README](README.md): the old example
showed a colon after the filename where there shouldn't be one.
* Various build fixes and improvements.
######v0.1 (2012-11-29)
* Initial release.

133
README
View File

@@ -10,8 +10,8 @@ you store your secret material (such as keys or passwords) in the same
repository as your code, without requiring you to lock down your entire
repository.
git-crypt was written by Andrew Ayer <agwa@andrewayer.name>. For more
information, see <https://www.agwa.name/projects/git-crypt>.
git-crypt was written by Andrew Ayer <agwa at andrewayer dot name>.
For more information, see <http://www.agwa.name/projects/git-crypt>.
BUILDING GIT-CRYPT
@@ -21,58 +21,48 @@ See the INSTALL file.
USING GIT-CRYPT
Configure a repository to use git-crypt:
Generate a secret key:
$ git-crypt keygen /path/to/keyfile
Configure a repository to use encryption:
$ cd repo
$ git-crypt init
$ git-crypt init /path/to/keyfile
Specify files to encrypt by creating a .gitattributes file:
secretfile filter=git-crypt diff=git-crypt
*.key filter=git-crypt diff=git-crypt
Like a .gitignore file, it can match wildcards and should be checked into
the repository. See below for more information about .gitattributes.
Make sure you don't accidentally encrypt the .gitattributes file itself!
Like a .gitignore file, it can match wildcards and should be checked
into the repository. Make sure you don't accidentally encrypt the
.gitattributes file itself!
Share the repository with others (or with yourself) using GPG:
Cloning a repository with encrypted files:
$ git-crypt add-gpg-user USER_ID
$ git clone /path/to/repo
$ cd repo
$ git-crypt init /path/to/keyfile
USER_ID can be a key ID, a full fingerprint, an email address, or anything
else that uniquely identifies a public key to GPG (see "HOW TO SPECIFY
A USER ID" in the gpg man page). Note: `git-crypt add-gpg-user` will
add and commit a GPG-encrypted key file in the .git-crypt directory of
the root of your repository.
Alternatively, you can export a symmetric secret key, which you must
securely convey to collaborators (GPG is not required, and no files
are added to your repository):
$ git-crypt export-key /path/to/key
After cloning a repository with encrypted files, unlock with with GPG:
$ git-crypt unlock
Or with a symmetric key:
$ git-crypt unlock /path/to/key
That's all you need to do - after git-crypt is set up (either with
`git-crypt init` or `git-crypt unlock`), you can use git normally -
encryption and decryption happen transparently.
That's all you need to do - after running git-crypt init, you can use
git normally - encryption and decryption happen transparently.
CURRENT STATUS
The latest version of git-crypt is 0.4.1, released on 2015-01-08.
The latest version of git-crypt is 0.3, released on 2013-04-05.
git-crypt aims to be bug-free and reliable, meaning it shouldn't
crash, malfunction, or expose your confidential data. However,
it has not yet reached maturity, meaning it is not as documented,
featureful, or easy-to-use as it should be. Additionally, there may be
backwards-incompatible changes introduced before version 1.0.
Development on git-crypt is currently focused on improving the user
experience, especially around setting up repositories. There are also
plans to add additional key management schemes, such as passphrase-derived
keys and keys encrypted with PGP.
SECURITY
@@ -86,64 +76,27 @@ beyond whether two files are identical or not. Other proposals for
transparent git encryption use ECB or CBC with a fixed IV. These systems
are not semantically secure and leak information.
The AES key is stored unencrypted on disk. The user is responsible for
protecting it and ensuring it's safely distributed only to authorized
people. A future version of git-crypt may support encrypting the key
with a passphrase.
LIMITATIONS
git-crypt relies on git filters, which were not designed with encryption
in mind. As such, git-crypt is not the best tool for encrypting most or
all of the files in a repository. Where git-crypt really shines is where
most of your repository is public, but you have a few files (perhaps
private keys named *.key, or a file with API credentials) which you
need to encrypt. For encrypting an entire repository, consider using a
system like git-remote-gcrypt <https://github.com/joeyh/git-remote-gcrypt>
instead. (Note: no endorsement is made of git-remote-gcrypt's security.)
git-crypt is not designed to encrypt an entire repository. Not only does
that defeat the aim of git-crypt, which is the ability to selectively
encrypt files and share the repository with less-trusted developers, there
are probably better, more efficient ways to encrypt an entire repository,
such as by storing it on an encrypted filesystem. Also note that
git-crypt is somewhat of an abuse of git's smudge, clean, and textconv
features. Junio Hamano, git's maintainer, has said not to do this
<http://thread.gmane.org/gmane.comp.version-control.git/113124/focus=113221>,
though his main objection ("making a pair of similar 'smudged' contents
totally dissimilar in their 'clean' counterparts.") does not apply here
since git-crypt uses deterministic encryption.
git-crypt does not encrypt file names, commit messages, or other metadata.
Files encrypted with git-crypt are not compressible. Even the smallest
change to an encrypted file requires git to store the entire changed file,
instead of just a delta.
Although git-crypt protects individual file contents with a SHA-1
HMAC, git-crypt cannot be used securely unless the entire repository is
protected against tampering (an attacker who can mutate your repository
can alter your .gitattributes file to disable encryption). If necessary,
use git features such as signed tags instead of relying solely on
git-crypt for integrity.
Files encrypted with git-crypt cannot be patched with git-apply, unless
the patch itself is encrypted. To generate an encrypted patch, use `git
diff --no-textconv --binary`. Alternatively, you can apply a plaintext
patch outside of git using the patch command.
git-crypt does not work reliably with Atlassian SourceTree.
Files might be left in an unencrypted state. See
<https://jira.atlassian.com/browse/SRCTREE-2511>.
GITATTRIBUTES FILE
The .gitattributes file is documented in the gitattributes(5) man page.
The file pattern format is the same as the one used by .gitignore,
as documented in the gitignore(5) man page, with the exception that
specifying merely a directory (e.g. `/dir/`) is NOT sufficient to
encrypt all files beneath it.
Also note that the pattern `dir/*` does not match files under
sub-directories of dir/. To encrypt an entire sub-tree dir/, place the
following in dir/.gitattributes:
* filter=git-crypt diff=git-crypt
.gitattributes !filter !diff
The second pattern is essential for ensuring that .gitattributes itself
is not encrypted.
MAILING LISTS
To stay abreast of, and provide input to, git-crypt development, consider
subscribing to one or both of our mailing lists:
Announcements: https://lists.cloudmutt.com/mailman/listinfo/git-crypt-announce
Discussion: https://lists.cloudmutt.com/mailman/listinfo/git-crypt-discuss
git-crypt does not itself provide any authentication. It assumes that
either the master copy of your repository is stored securely, or that
you are using git's existing facilities to ensure integrity (signed tags,
remembering commit hashes, etc.).

151
README.md
View File

@@ -1,151 +0,0 @@
git-crypt - transparent file encryption in git
==============================================
git-crypt enables transparent encryption and decryption of files in a
git repository. Files which you choose to protect are encrypted when
committed, and decrypted when checked out. git-crypt lets you freely
share a repository containing a mix of public and private content.
git-crypt gracefully degrades, so developers without the secret key can
still clone and commit to a repository with encrypted files. This lets
you store your secret material (such as keys or passwords) in the same
repository as your code, without requiring you to lock down your entire
repository.
git-crypt was written by [Andrew Ayer](https://www.agwa.name) (agwa@andrewayer.name).
For more information, see <https://www.agwa.name/projects/git-crypt>.
Building git-crypt
------------------
See the [INSTALL.md](INSTALL.md) file.
Using git-crypt
---------------
Configure a repository to use git-crypt:
cd repo
git-crypt init
Specify files to encrypt by creating a .gitattributes file:
secretfile filter=git-crypt diff=git-crypt
*.key filter=git-crypt diff=git-crypt
Like a .gitignore file, it can match wildcards and should be checked into
the repository. See below for more information about .gitattributes.
Make sure you don't accidentally encrypt the .gitattributes file itself!
Share the repository with others (or with yourself) using GPG:
git-crypt add-gpg-user USER_ID
`USER_ID` can be a key ID, a full fingerprint, an email address, or
anything else that uniquely identifies a public key to GPG (see "HOW TO
SPECIFY A USER ID" in the gpg man page). Note: `git-crypt add-gpg-user`
will add and commit a GPG-encrypted key file in the .git-crypt directory
of the root of your repository.
Alternatively, you can export a symmetric secret key, which you must
securely convey to collaborators (GPG is not required, and no files
are added to your repository):
git-crypt export-key /path/to/key
After cloning a repository with encrypted files, unlock with with GPG:
git-crypt unlock
Or with a symmetric key:
git-crypt unlock /path/to/key
That's all you need to do - after git-crypt is set up (either with
`git-crypt init` or `git-crypt unlock`), you can use git normally -
encryption and decryption happen transparently.
Current Status
--------------
The latest version of git-crypt is [0.4.1](RELEASE_NOTES-0.4.1.md), released on
2015-01-08. git-crypt aims to be bug-free and reliable, meaning it
shouldn't crash, malfunction, or expose your confidential data.
However, it has not yet reached maturity, meaning it is not as
documented, featureful, or easy-to-use as it should be. Additionally,
there may be backwards-incompatible changes introduced before version
1.0.
Security
--------
git-crypt is more secure that other transparent git encryption systems.
git-crypt encrypts files using AES-256 in CTR mode with a synthetic IV
derived from the SHA-1 HMAC of the file. This is provably semantically
secure under deterministic chosen-plaintext attack. That means that
although the encryption is deterministic (which is required so git can
distinguish when a file has and hasn't changed), it leaks no information
beyond whether two files are identical or not. Other proposals for
transparent git encryption use ECB or CBC with a fixed IV. These
systems are not semantically secure and leak information.
Limitations
-----------
git-crypt relies on git filters, which were not designed with encryption
in mind. As such, git-crypt is not the best tool for encrypting most or
all of the files in a repository. Where git-crypt really shines is where
most of your repository is public, but you have a few files (perhaps
private keys named *.key, or a file with API credentials) which you
need to encrypt. For encrypting an entire repository, consider using a
system like [git-remote-gcrypt](https://github.com/joeyh/git-remote-gcrypt)
instead. (Note: no endorsement is made of git-remote-gcrypt's security.)
git-crypt does not encrypt file names, commit messages, or other metadata.
Files encrypted with git-crypt are not compressible. Even the smallest
change to an encrypted file requires git to store the entire changed file,
instead of just a delta.
Although git-crypt protects individual file contents with a SHA-1
HMAC, git-crypt cannot be used securely unless the entire repository is
protected against tampering (an attacker who can mutate your repository
can alter your .gitattributes file to disable encryption). If necessary,
use git features such as signed tags instead of relying solely on
git-crypt for integrity.
Files encrypted with git-crypt cannot be patched with git-apply, unless
the patch itself is encrypted. To generate an encrypted patch, use `git
diff --no-textconv --binary`. Alternatively, you can apply a plaintext
patch outside of git using the patch command.
git-crypt does [not work reliably with Atlassian
SourceTree](https://jira.atlassian.com/browse/SRCTREE-2511). Files might
be left in an unencrypted state.
Gitattributes File
------------------
The .gitattributes file is documented in the gitattributes(5) man page.
The file pattern format is the same as the one used by .gitignore,
as documented in the gitignore(5) man page, with the exception that
specifying merely a directory (e.g. `/dir/`) is *not* sufficient to
encrypt all files beneath it.
Also note that the pattern `dir/*` does not match files under
sub-directories of dir/. To encrypt an entire sub-tree dir/, place the
following in dir/.gitattributes:
* filter=git-crypt diff=git-crypt
.gitattributes !filter !diff
The second pattern is essential for ensuring that .gitattributes itself
is not encrypted.
Mailing Lists
-------------
To stay abreast of, and provide input to, git-crypt development,
consider subscribing to one or both of our mailing lists:
* [Announcements](https://lists.cloudmutt.com/mailman/listinfo/git-crypt-announce)
* [Discussion](https://lists.cloudmutt.com/mailman/listinfo/git-crypt-discuss)

21
RELEASE_NOTES-0.4.1.md
View File

@@ -1,21 +0,0 @@
git-crypt 0.4.1 is a bugfix-only release that contains an important
usability fix for users who use GPG mode to encrypt an entire repository.
Previously, if you used a '*' pattern in the top-level .gitattributes
file, and you did not explicitly add a pattern to exclude the .git-crypt
directory, the files contained therein would be encrypted, rendering
the repository impossible to unlock with GPG.
git-crypt now adds a .gitattributes file to the .git-crypt directory
to prevent its contents from being encrypted, regardless of patterns in
the top-level .gitattributes.
If you are using git-crypt in GPG mode to encrypt an entire repository,
and you do not already have a .gitattributes pattern to exclude the
.git-crypt directory, you are strongly advised to upgrade. After
upgrading, you should do the following in each of your repositories to
ensure that the information inside .git-crypt is properly stored:
1. Remove existing key files: `rm .git-crypt/keys/*/0/*`
2. Re-add GPG user(s): `git-crypt add-gpg-user GPG_USER_ID ...`

84
RELEASE_NOTES-0.4.md
View File

@@ -1,84 +0,0 @@
Changes to be aware of for git-crypt 0.4
========================================
(For a complete list of changes, see the [NEWS](NEWS.md) file.)
### New workflow
The commands for setting up a repository have changed in git-crypt 0.4.
The previous commands continue to work, but will be removed in a future
release of git-crypt. Please get in the habit of using the new syntax:
`git-crypt init` no longer takes an argument, and is now used only when
initializing a repository for the very first time. It generates a key
and stores it in the `.git` directory. There is no longer a separate
`keygen` step, and you no longer need to keep a copy of the key outside
the repository.
`git-crypt init` is no longer used to decrypt a cloned repository. Instead,
run `git-crypt unlock /path/to/keyfile`, where `keyfile` is obtained by
running `git-crypt export-key /path/to/keyfile` from an already-decrypted
repository.
### GPG mode
git-crypt now supports GPG. A repository can be shared with one or more
GPG users in lieu of sharing a secret symmetric key. Symmetric key support
isn't going away, but the workflow of GPG mode is extremely easy and all users
are encouraged to consider it for their repositories.
See the [README](README.md) for details on using GPG.
### Status command
A new command, `git-crypt status`, lists encrypted files, which is
useful for making sure your `.gitattributes` pattern is protecting the
right files.
### Multiple key support
git-crypt now lets you encrypt different sets of files with different
keys, which is useful if you want to grant different collaborators access
to different sets of files.
See [doc/multiple_keys.md](doc/multiple_keys.md) for details.
### Compatibility with old repositories
Repositories created with older versions of git-crypt continue to work
without any changes needed, and backwards compatibility with these
repositories will be maintained indefinitely.
However, you will not be able to take advantage of git-crypt's new
features, such as GPG support, unless you migrate your repository.
To migrate your repository, first ensure the working tree is clean.
Then migrate your current key file and use the migrated key to unlock
your repository as follows:
git-crypt migrate-key /path/to/old_key /path/to/migrated_key
git-crypt unlock /path/to/migrated_key
Once you've confirmed that your repository is functional, you can delete
both the old and migrated key files (though keeping a backup of your key
is always a good idea).
### Known issues
It is not yet possible to revoke access from a GPG user. This will
require substantial development work and will be a major focus of future
git-crypt development.
The output of `git-crypt status` is currently very bare-bones and will
be substantially improved in a future release. Do not rely on its output
being stable. A future release of git-crypt will provide an option for stable
machine-readable output.
On Windows, git-crypt does not create key files with restrictive
permissions. Take care when using git-crypt on a multi-user Windows system.

19
THANKS.md
View File

@@ -1,19 +0,0 @@
For their contributions to git-crypt, I thank:
* Michael Mior and @zimbatm for the Homebrew formula.
* Cyril Cleaud for help with Windows support.
* The following people for contributing patches:
* Adam Nelson
* Caleb Maclennan
* Darayus Nanavati
* Jon Sailor
* Linus G Thiel
* Michael Schout
* Simon Kotlinski
* And everyone who has tested git-crypt, provided feedback, reported
bugs, and participated in discussions about new features.
Thank you!

1454
commands.cpp
View File

File diff suppressed because it is too large Load Diff

49
commands.hpp
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2012, 2014 Andrew Ayer
* Copyright 2012 Andrew Ayer
*
* This file is part of git-crypt.
*
@@ -28,46 +28,15 @@
* as that of the covered work.
*/
#ifndef GIT_CRYPT_COMMANDS_HPP
#define GIT_CRYPT_COMMANDS_HPP
#ifndef _COMMANDS_H
#define _COMMANDS_H
#include <string>
#include <iosfwd>
struct Error {
std::string message;
explicit Error (std::string m) : message(m) { }
};
// Plumbing commands:
int clean (int argc, const char** argv);
int smudge (int argc, const char** argv);
int diff (int argc, const char** argv);
// Public commands:
int init (int argc, const char** argv);
int unlock (int argc, const char** argv);
int lock (int argc, const char** argv);
int add_gpg_user (int argc, const char** argv);
int rm_gpg_user (int argc, const char** argv);
int ls_gpg_users (int argc, const char** argv);
int export_key (int argc, const char** argv);
int keygen (int argc, const char** argv);
int migrate_key (int argc, const char** argv);
int refresh (int argc, const char** argv);
int status (int argc, const char** argv);
// Help messages:
void help_init (std::ostream&);
void help_unlock (std::ostream&);
void help_lock (std::ostream&);
void help_add_gpg_user (std::ostream&);
void help_rm_gpg_user (std::ostream&);
void help_ls_gpg_users (std::ostream&);
void help_export_key (std::ostream&);
void help_keygen (std::ostream&);
void help_migrate_key (std::ostream&);
void help_refresh (std::ostream&);
void help_status (std::ostream&);
void clean (const char* keyfile);
void smudge (const char* keyfile);
void diff (const char* keyfile, const char* filename);
void init (const char* argv0, const char* keyfile);
void keygen (const char* keyfile);
#endif

115
crypto-openssl.cpp
View File

@@ -1,115 +0,0 @@
/*
* Copyright 2012, 2014 Andrew Ayer
*
* This file is part of git-crypt.
*
* git-crypt is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* git-crypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with git-crypt. If not, see <http://www.gnu.org/licenses/>.
*
* Additional permission under GNU GPL version 3 section 7:
*
* If you modify the Program, or any covered work, by linking or
* combining it with the OpenSSL project's OpenSSL library (or a
* modified version of that library), containing parts covered by the
* terms of the OpenSSL or SSLeay licenses, the licensors of the Program
* grant you additional permission to convey the resulting work.
* Corresponding Source for a non-source form of such a combination
* shall include the source code for the parts of OpenSSL used as well
* as that of the covered work.
*/
#include "crypto.hpp"
#include "key.hpp"
#include "util.hpp"
#include <openssl/aes.h>
#include <openssl/sha.h>
#include <openssl/hmac.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#include <sstream>
#include <cstring>
void init_crypto ()
{
ERR_load_crypto_strings();
}
struct Aes_ecb_encryptor::Aes_impl {
AES_KEY key;
};
Aes_ecb_encryptor::Aes_ecb_encryptor (const unsigned char* raw_key)
: impl(new Aes_impl)
{
if (AES_set_encrypt_key(raw_key, KEY_LEN * 8, &(impl->key)) != 0) {
throw Crypto_error("Aes_ctr_encryptor::Aes_ctr_encryptor", "AES_set_encrypt_key failed");
}
}
Aes_ecb_encryptor::~Aes_ecb_encryptor ()
{
// Note: Explicit destructor necessary because class contains an auto_ptr
// which contains an incomplete type when the auto_ptr is declared.
explicit_memset(&impl->key, '\0', sizeof(impl->key));
}
void Aes_ecb_encryptor::encrypt(const unsigned char* plain, unsigned char* cipher)
{
AES_encrypt(plain, cipher, &(impl->key));
}
struct Hmac_sha1_state::Hmac_impl {
HMAC_CTX ctx;
};
Hmac_sha1_state::Hmac_sha1_state (const unsigned char* key, size_t key_len)
: impl(new Hmac_impl)
{
HMAC_Init(&(impl->ctx), key, key_len, EVP_sha1());
}
Hmac_sha1_state::~Hmac_sha1_state ()
{
// Note: Explicit destructor necessary because class contains an auto_ptr
// which contains an incomplete type when the auto_ptr is declared.
HMAC_cleanup(&(impl->ctx));
}
void Hmac_sha1_state::add (const unsigned char* buffer, size_t buffer_len)
{
HMAC_Update(&(impl->ctx), buffer, buffer_len);
}
void Hmac_sha1_state::get (unsigned char* digest)
{
unsigned int len;
HMAC_Final(&(impl->ctx), digest, &len);
}
void random_bytes (unsigned char* buffer, size_t len)
{
if (RAND_bytes(buffer, len) != 1) {
std::ostringstream message;
while (unsigned long code = ERR_get_error()) {
char error_string[120];
ERR_error_string_n(code, error_string, sizeof(error_string));
message << "OpenSSL Error: " << error_string << "; ";
}
throw Crypto_error("random_bytes", message.str());
}
}

108
crypto.cpp
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2012, 2014 Andrew Ayer
* Copyright 2012 Andrew Ayer
*
* This file is part of git-crypt.
*
@@ -28,54 +28,102 @@
* as that of the covered work.
*/
#define _BSD_SOURCE
#include "crypto.hpp"
#include "util.hpp"
#include <openssl/aes.h>
#include <openssl/sha.h>
#include <openssl/hmac.h>
#include <openssl/evp.h>
#include <fstream>
#include <iostream>
#include <cstring>
#include <cstdlib>
#include <arpa/inet.h>
Aes_ctr_encryptor::Aes_ctr_encryptor (const unsigned char* raw_key, const unsigned char* nonce)
: ecb(raw_key)
void load_keys (const char* filepath, keys_t* keys)
{
// Set first 12 bytes of the CTR value to the nonce.
// This stays the same for the entirety of this object's lifetime.
std::memcpy(ctr_value, nonce, NONCE_LEN);
std::ifstream file(filepath);
if (!file) {
perror(filepath);
std::exit(1);
}
char buffer[AES_KEY_BITS/8 + HMAC_KEY_LEN];
file.read(buffer, sizeof(buffer));
if (file.gcount() != sizeof(buffer)) {
std::clog << filepath << ": Premature end of key file\n";
std::exit(1);
}
// First comes the AES encryption key
if (AES_set_encrypt_key(reinterpret_cast<uint8_t*>(buffer), AES_KEY_BITS, &keys->enc) != 0) {
std::clog << filepath << ": Failed to initialize AES encryption key\n";
std::exit(1);
}
// Then it's the HMAC key
memcpy(keys->hmac, buffer + AES_KEY_BITS/8, HMAC_KEY_LEN);
}
aes_ctr_state::aes_ctr_state (const uint8_t* arg_nonce, size_t arg_nonce_len)
{
memset(nonce, '\0', sizeof(nonce));
memcpy(nonce, arg_nonce, std::min(arg_nonce_len, sizeof(nonce)));
byte_counter = 0;
memset(otp, '\0', sizeof(otp));
}
Aes_ctr_encryptor::~Aes_ctr_encryptor ()
{
explicit_memset(pad, '\0', BLOCK_LEN);
}
void Aes_ctr_encryptor::process (const unsigned char* in, unsigned char* out, size_t len)
void aes_ctr_state::process (const AES_KEY* key, const uint8_t* in, uint8_t* out, size_t len)
{
for (size_t i = 0; i < len; ++i) {
if (byte_counter % BLOCK_LEN == 0) {
// Set last 4 bytes of CTR to the (big-endian) block number (sequentially increasing with each block)
store_be32(ctr_value + NONCE_LEN, byte_counter / BLOCK_LEN);
// Generate a new pad
ecb.encrypt(ctr_value, pad);
if (byte_counter % 16 == 0) {
// Generate a new OTP
// CTR value:
// first 12 bytes - nonce
// last 4 bytes - block number (sequentially increasing with each block)
uint8_t ctr[16];
uint32_t blockno = htonl(byte_counter / 16);
memcpy(ctr, nonce, 12);
memcpy(ctr + 12, &blockno, 4);
AES_encrypt(ctr, otp, key);
}
// encrypt one byte
out[i] = in[i] ^ pad[byte_counter++ % BLOCK_LEN];
if (byte_counter == 0) {
throw Crypto_error("Aes_ctr_encryptor::process", "Too much data to encrypt securely");
}
out[i] = in[i] ^ otp[byte_counter++ % 16];
}
}
// Encrypt/decrypt an entire input stream, writing to the given output stream
void Aes_ctr_encryptor::process_stream (std::istream& in, std::ostream& out, const unsigned char* key, const unsigned char* nonce)
hmac_sha1_state::hmac_sha1_state (const uint8_t* key, size_t key_len)
{
Aes_ctr_encryptor aes(key, nonce);
HMAC_Init(&ctx, key, key_len, EVP_sha1());
}
unsigned char buffer[1024];
hmac_sha1_state::~hmac_sha1_state ()
{
HMAC_cleanup(&ctx);
}
void hmac_sha1_state::add (const uint8_t* buffer, size_t buffer_len)
{
HMAC_Update(&ctx, buffer, buffer_len);
}
void hmac_sha1_state::get (uint8_t* digest)
{
unsigned int len;
HMAC_Final(&ctx, digest, &len);
}
// Encrypt/decrypt an entire input stream, writing to the given output stream
void process_stream (std::istream& in, std::ostream& out, const AES_KEY* enc_key, const uint8_t* nonce)
{
aes_ctr_state state(nonce, 12);
uint8_t buffer[1024];
while (in) {
in.read(reinterpret_cast<char*>(buffer), sizeof(buffer));
aes.process(buffer, buffer, in.gcount());
state.process(enc_key, buffer, buffer, in.gcount());
out.write(reinterpret_cast<char*>(buffer), in.gcount());
}
}

104
crypto.hpp
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2012, 2014 Andrew Ayer
* Copyright 2012 Andrew Ayer
*
* This file is part of git-crypt.
*
@@ -28,90 +28,56 @@
* as that of the covered work.
*/
#ifndef GIT_CRYPT_CRYPTO_HPP
#define GIT_CRYPT_CRYPTO_HPP
#ifndef _CRYPTO_H
#define _CRYPTO_H
#include "key.hpp"
#include <openssl/aes.h>
#include <openssl/hmac.h>
#include <stdint.h>
#include <stddef.h>
#include <iosfwd>
#include <string>
#include <memory>
void init_crypto ();
struct Crypto_error {
std::string where;
std::string message;
Crypto_error (const std::string& w, const std::string& m) : where(w), message(m) { }
enum {
SHA1_LEN = 20,
NONCE_LEN = 12,
HMAC_KEY_LEN = 64,
AES_KEY_BITS = 256,
MAX_CRYPT_BYTES = (1ULL<<32)*16 // Don't encrypt more than this or the CTR value will repeat itself
};
class Aes_ecb_encryptor {
public:
enum {
KEY_LEN = AES_KEY_LEN,
BLOCK_LEN = 16
};
struct keys_t {
AES_KEY enc;
uint8_t hmac[HMAC_KEY_LEN];
};
void load_keys (const char* filepath, keys_t* keys);
private:
struct Aes_impl;
std::auto_ptr<Aes_impl> impl;
class aes_ctr_state {
char nonce[NONCE_LEN];// First 96 bits of counter
uint32_t byte_counter; // How many bytes processed so far?
uint8_t otp[16]; // The current OTP that's in use
public:
Aes_ecb_encryptor (const unsigned char* key);
~Aes_ecb_encryptor ();
void encrypt (const unsigned char* plain, unsigned char* cipher);
aes_ctr_state (const uint8_t* arg_nonce, size_t arg_nonce_len);
void process (const AES_KEY* key, const uint8_t* in, uint8_t* out, size_t len);
};
class Aes_ctr_encryptor {
class hmac_sha1_state {
HMAC_CTX ctx;
// disallow copy/assignment:
hmac_sha1_state (const hmac_sha1_state&) { }
hmac_sha1_state& operator= (const hmac_sha1_state&) { return *this; }
public:
enum {
NONCE_LEN = 12,
KEY_LEN = AES_KEY_LEN,
BLOCK_LEN = 16,
MAX_CRYPT_BYTES = (1ULL<<32)*16 // Don't encrypt more than this or the CTR value will repeat itself
};
hmac_sha1_state (const uint8_t* key, size_t key_len);
~hmac_sha1_state ();
private:
Aes_ecb_encryptor ecb;
unsigned char ctr_value[BLOCK_LEN]; // Current CTR value (used as input to AES to derive pad)
unsigned char pad[BLOCK_LEN]; // Current encryption pad (output of AES)
uint32_t byte_counter; // How many bytes processed so far?
public:
Aes_ctr_encryptor (const unsigned char* key, const unsigned char* nonce);
~Aes_ctr_encryptor ();
void process (const unsigned char* in, unsigned char* out, size_t len);
// Encrypt/decrypt an entire input stream, writing to the given output stream
static void process_stream (std::istream& in, std::ostream& out, const unsigned char* key, const unsigned char* nonce);
void add (const uint8_t* buffer, size_t buffer_len);
void get (uint8_t*);
};
typedef Aes_ctr_encryptor Aes_ctr_decryptor;
// Encrypt/decrypt an entire input stream, writing to the given output stream
void process_stream (std::istream& in, std::ostream& out, const AES_KEY* enc_key, const uint8_t* nonce);
class Hmac_sha1_state {
public:
enum {
LEN = 20,
KEY_LEN = HMAC_KEY_LEN
};
private:
struct Hmac_impl;
std::auto_ptr<Hmac_impl> impl;
public:
Hmac_sha1_state (const unsigned char* key, size_t key_len);
~Hmac_sha1_state ();
void add (const unsigned char* buffer, size_t buffer_len);
void get (unsigned char*);
};
void random_bytes (unsigned char*, size_t);
#endif

5
debian/changelog vendored Normal file
View File

@@ -0,0 +1,5 @@
git-crypt (0.3-1) unstable; urgency=low
* Initial release.
-- Andrew Ayer <agwa@andrewayer.name> Sat, 29 Mar 2014 12:38:14 -0700

1
debian/compat vendored Normal file
View File

@@ -0,0 +1 @@
9

23
debian/control vendored Normal file
View File

@@ -0,0 +1,23 @@
Source: git-crypt
Maintainer: Andrew Ayer <agwa@andrewayer.name>
Section: vcs
Priority: optional
Standards-Version: 3.9.4
Build-Depends: debhelper (>= 9), make (>= 3.81-5), libc6-dev (>= 2.7-18), gcc (>= 4:4.3.2-2), coreutils (>= 6.10-6), libssl-dev (>= 0.9.8o-4)
Vcs-Git: https://www.agwa.name/git/git-crypt.git -b debian
Homepage: https://www.agwa.name/projects/git-crypt
Package: git-crypt
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, git (>= 1.7.2)
Enhances: git
Description: Transparent file encryption in git
git-crypt enables transparent encryption and decryption of files in a
git repository. Files which you choose to protect are encrypted when
committed, and decrypted when checked out. git-crypt lets you freely
share a repository containing a mix of public and private content.
git-crypt gracefully degrades, so developers without the secret key
can still clone and commit to a repository with encrypted files.
This lets you store your secret material (such as keys or passwords)
in the same repository as your code, without requiring you to lock down
your entire repository.

34
debian/copyright vendored Normal file
View File

@@ -0,0 +1,34 @@
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: git-crypt
Source: https://github.com/AGWA/git-crypt
Files: *
Copyright: Copyright 2014 Andrew Ayer <agwa@andrewayer.name>
License: GPL-3+ with OpenSSL exception
git-crypt is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
.
git-crypt is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License
along with git-crypt. If not, see <http://www.gnu.org/licenses/>.
.
On Debian systems, the full text of the GNU General Public
License version 3 can be found in the file
`/usr/share/common-licenses/GPL-3'.
.
Additional permission under GNU GPL version 3 section 7:
.
If you modify the Program, or any covered work, by linking or
combining it with the OpenSSL project's OpenSSL library (or a
modified version of that library), containing parts covered by the
terms of the OpenSSL or SSLeay licenses, the licensors of the Program
grant you additional permission to convey the resulting work.
Corresponding Source for a non-source form of such a combination
shall include the source code for the parts of OpenSSL used as well
as that of the covered work.

4
debian/gbp.conf vendored Normal file
View File

@@ -0,0 +1,4 @@
[DEFAULT]
debian-branch = debian
upstream-tag = %(version)s

1
debian/git-crypt.docs vendored Normal file
View File

@@ -0,0 +1 @@
README

1
debian/git-crypt.install vendored Normal file
View File

@@ -0,0 +1 @@
git-crypt usr/bin

15
debian/rules vendored Executable file
View File

@@ -0,0 +1,15 @@
#!/usr/bin/make -f
# -*- makefile -*-
# Sample debian/rules that uses debhelper.
# This file was originally written by Joey Hess and Craig Small.
# As a special exception, when this file is copied by dh-make into a
# dh-make output file, you may use that output file without restriction.
# This special exception was added by Craig Small in version 0.37 of dh-make.
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
%:
dh $@
override_dh_auto_install:

24
doc/multiple_keys.md
View File

@@ -1,24 +0,0 @@
In addition to the implicit default key, git-crypt supports alternative
keys which can be used to encrypt specific files and can be shared with
specific GPG users. This is useful if you want to grant different
collaborators access to different sets of files.
To generate an alternative key named KEYNAME, pass the `-k KEYNAME`
option to `git-crypt init` as follows:
git-crypt init -k KEYNAME
To encrypt a file with an alternative key, use the `git-crypt-KEYNAME`
filter in `.gitattributes` as follows:
secretfile filter=git-crypt-KEYNAME diff=git-crypt-KEYNAME
To export an alternative key or share it with a GPG user, pass the `-k
KEYNAME` option to `git-crypt export-key` or `git-crypt add-gpg-user`
as follows:
git-crypt export-key -k KEYNAME /path/to/keyfile
git-crypt add-gpg-user -k KEYNAME GPG_USER_ID
To unlock a repository with an alternative key, use `git-crypt unlock`
normally. git-crypt will automatically determine which key is being used.

245
git-crypt.cpp
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2012, 2014 Andrew Ayer
* Copyright 2012 Andrew Ayer
*
* This file is part of git-crypt.
*
@@ -28,236 +28,59 @@
* as that of the covered work.
*/
#include "git-crypt.hpp"
#include "commands.hpp"
#include "util.hpp"
#include "crypto.hpp"
#include "key.hpp"
#include "gpg.hpp"
#include "parse_options.hpp"
#include <cstring>
#include <unistd.h>
#include <iostream>
#include <string.h>
#include <openssl/err.h>
const char* argv0;
static void print_usage (std::ostream& out)
static void print_usage (const char* argv0)
{
out << "Usage: " << argv0 << " COMMAND [ARGS ...]" << std::endl;
out << std::endl;
// |--------------------------------------------------------------------------------| 80 characters
out << "Common commands:" << std::endl;
out << " init generate a key and prepare repo to use git-crypt" << std::endl;
out << " status display which files are encrypted" << std::endl;
//out << " refresh ensure all files in the repo are properly decrypted" << std::endl;
out << " lock de-configure git-crypt and re-encrypt files in work tree" << std::endl;
out << std::endl;
out << "GPG commands:" << std::endl;
out << " add-gpg-user USERID add the user with the given GPG user ID as a collaborator" << std::endl;
//out << " rm-gpg-user USERID revoke collaborator status from the given GPG user ID" << std::endl;
//out << " ls-gpg-users list the GPG key IDs of collaborators" << std::endl;
out << " unlock decrypt this repo using the in-repo GPG-encrypted key" << std::endl;
out << std::endl;
out << "Symmetric key commands:" << std::endl;
out << " export-key FILE export this repo's symmetric key to the given file" << std::endl;
out << " unlock KEYFILE decrypt this repo using the given symmetric key" << std::endl;
out << std::endl;
out << "Legacy commands:" << std::endl;
out << " init KEYFILE alias for 'unlock KEYFILE'" << std::endl;
out << " keygen KEYFILE generate a git-crypt key in the given file" << std::endl;
out << " migrate-key OLD NEW migrate the legacy key file OLD to the new format in NEW" << std::endl;
/*
out << std::endl;
out << "Plumbing commands (not to be used directly):" << std::endl;
out << " clean [LEGACY-KEYFILE]" << std::endl;
out << " smudge [LEGACY-KEYFILE]" << std::endl;
out << " diff [LEGACY-KEYFILE] FILE" << std::endl;
*/
out << std::endl;
out << "See 'git-crypt help COMMAND' for more information on a specific command." << std::endl;
}
static void print_version (std::ostream& out)
{
out << "git-crypt " << VERSION << std::endl;
}
static bool help_for_command (const char* command, std::ostream& out)
{
if (std::strcmp(command, "init") == 0) {
help_init(out);
} else if (std::strcmp(command, "unlock") == 0) {
help_unlock(out);
} else if (std::strcmp(command, "lock") == 0) {
help_lock(out);
} else if (std::strcmp(command, "add-gpg-user") == 0) {
help_add_gpg_user(out);
} else if (std::strcmp(command, "rm-gpg-user") == 0) {
help_rm_gpg_user(out);
} else if (std::strcmp(command, "ls-gpg-users") == 0) {
help_ls_gpg_users(out);
} else if (std::strcmp(command, "export-key") == 0) {
help_export_key(out);
} else if (std::strcmp(command, "keygen") == 0) {
help_keygen(out);
} else if (std::strcmp(command, "migrate-key") == 0) {
help_migrate_key(out);
} else if (std::strcmp(command, "refresh") == 0) {
help_refresh(out);
} else if (std::strcmp(command, "status") == 0) {
help_status(out);
} else {
return false;
}
return true;
}
static int help (int argc, const char** argv)
{
if (argc == 0) {
print_usage(std::cout);
} else {
if (!help_for_command(argv[0], std::cout)) {
std::clog << "Error: '" << argv[0] << "' is not a git-crypt command. See 'git-crypt help'." << std::endl;
return 1;
}
}
return 0;
}
static int version (int argc, const char** argv)
{
print_version(std::cout);
return 0;
std::clog << "Usage: " << argv0 << " COMMAND [ARGS ...]\n";
std::clog << "\n";
std::clog << "Valid commands:\n";
std::clog << " init KEYFILE - prepare the current git repo to use git-crypt with this key\n";
std::clog << " keygen KEYFILE - generate a git-crypt key in the given file\n";
std::clog << "\n";
std::clog << "Plumbing commands (not to be used directly):\n";
std::clog << " clean KEYFILE\n";
std::clog << " smudge KEYFILE\n";
std::clog << " diff KEYFILE FILE\n";
}
int main (int argc, const char** argv)
try {
argv0 = argv[0];
// The following two lines are essential for achieving good performance:
std::ios_base::sync_with_stdio(false);
std::cin.tie(0);
/*
* General initialization
*/
std::cin.exceptions(std::ios_base::badbit);
std::cout.exceptions(std::ios_base::badbit);
init_std_streams();
init_crypto();
/*
* Parse command line arguments
*/
int arg_index = 1;
while (arg_index < argc && argv[arg_index][0] == '-') {
if (std::strcmp(argv[arg_index], "--help") == 0) {
print_usage(std::clog);
return 0;
} else if (std::strcmp(argv[arg_index], "--version") == 0) {
print_version(std::clog);
return 0;
} else if (std::strcmp(argv[arg_index], "--") == 0) {
++arg_index;
break;
} else {
std::clog << argv0 << ": " << argv[arg_index] << ": Unknown option" << std::endl;
print_usage(std::clog);
return 2;
}
}
argc -= arg_index;
argv += arg_index;
if (argc == 0) {
print_usage(std::clog);
if (argc < 3) {
print_usage(argv[0]);
return 2;
}
/*
* Pass off to command handler
*/
const char* command = argv[0];
--argc;
++argv;
ERR_load_crypto_strings();
try {
// Public commands:
if (std::strcmp(command, "help") == 0) {
return help(argc, argv);
}
if (std::strcmp(command, "version") == 0) {
return version(argc, argv);
}
if (std::strcmp(command, "init") == 0) {
return init(argc, argv);
}
if (std::strcmp(command, "unlock") == 0) {
return unlock(argc, argv);
}
if (std::strcmp(command, "lock") == 0) {
return lock(argc, argv);
}
if (std::strcmp(command, "add-gpg-user") == 0) {
return add_gpg_user(argc, argv);
}
if (std::strcmp(command, "rm-gpg-user") == 0) {
return rm_gpg_user(argc, argv);
}
if (std::strcmp(command, "ls-gpg-users") == 0) {
return ls_gpg_users(argc, argv);
}
if (std::strcmp(command, "export-key") == 0) {
return export_key(argc, argv);
}
if (std::strcmp(command, "keygen") == 0) {
return keygen(argc, argv);
}
if (std::strcmp(command, "migrate-key") == 0) {
return migrate_key(argc, argv);
}
if (std::strcmp(command, "refresh") == 0) {
return refresh(argc, argv);
}
if (std::strcmp(command, "status") == 0) {
return status(argc, argv);
}
// Plumbing commands (executed by git, not by user):
if (std::strcmp(command, "clean") == 0) {
return clean(argc, argv);
}
if (std::strcmp(command, "smudge") == 0) {
return smudge(argc, argv);
}
if (std::strcmp(command, "diff") == 0) {
return diff(argc, argv);
}
} catch (const Option_error& e) {
std::clog << "git-crypt: Error: " << e.option_name << ": " << e.message << std::endl;
help_for_command(command, std::clog);
if (strcmp(argv[1], "init") == 0 && argc == 3) {
init(argv[0], argv[2]);
} else if (strcmp(argv[1], "keygen") == 0 && argc == 3) {
keygen(argv[2]);
} else if (strcmp(argv[1], "clean") == 0 && argc == 3) {
clean(argv[2]);
} else if (strcmp(argv[1], "smudge") == 0 && argc == 3) {
smudge(argv[2]);
} else if (strcmp(argv[1], "diff") == 0 && argc == 4) {
diff(argv[2], argv[3]);
} else {
print_usage(argv[0]);
return 2;
}
std::clog << "Error: '" << command << "' is not a git-crypt command. See 'git-crypt help'." << std::endl;
return 2;
} catch (const Error& e) {
std::cerr << "git-crypt: Error: " << e.message << std::endl;
return 1;
} catch (const Gpg_error& e) {
std::cerr << "git-crypt: GPG error: " << e.message << std::endl;
return 1;
} catch (const System_error& e) {
std::cerr << "git-crypt: System error: " << e.message() << std::endl;
return 1;
} catch (const Crypto_error& e) {
std::cerr << "git-crypt: Crypto error: " << e.where << ": " << e.message << std::endl;
return 1;
} catch (Key_file::Incompatible) {
std::cerr << "git-crypt: This repository contains a incompatible key file. Please upgrade git-crypt." << std::endl;
return 1;
} catch (Key_file::Malformed) {
std::cerr << "git-crypt: This repository contains a malformed key file. It may be corrupted." << std::endl;
return 1;
return 0;
} catch (const std::ios_base::failure& e) {
std::cerr << "git-crypt: I/O error: " << e.what() << std::endl;
return 1;

38
git-crypt.hpp
View File

@@ -1,38 +0,0 @@
/*
* Copyright 2014 Andrew Ayer
*
* This file is part of git-crypt.
*
* git-crypt is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* git-crypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with git-crypt. If not, see <http://www.gnu.org/licenses/>.
*
* Additional permission under GNU GPL version 3 section 7:
*
* If you modify the Program, or any covered work, by linking or
* combining it with the OpenSSL project's OpenSSL library (or a
* modified version of that library), containing parts covered by the
* terms of the OpenSSL or SSLeay licenses, the licensors of the Program
* grant you additional permission to convey the resulting work.
* Corresponding Source for a non-source form of such a combination
* shall include the source code for the parts of OpenSSL used as well
* as that of the covered work.
*/
#ifndef GIT_CRYPT_GIT_CRYPT_HPP
#define GIT_CRYPT_GIT_CRYPT_HPP
#define VERSION "0.4.1"
extern const char* argv0; // initialized in main() to argv[0]
#endif

176
gpg.cpp
View File

@@ -1,176 +0,0 @@
/*
* Copyright 2014 Andrew Ayer
*
* This file is part of git-crypt.
*
* git-crypt is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* git-crypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with git-crypt. If not, see <http://www.gnu.org/licenses/>.
*
* Additional permission under GNU GPL version 3 section 7:
*
* If you modify the Program, or any covered work, by linking or
* combining it with the OpenSSL project's OpenSSL library (or a
* modified version of that library), containing parts covered by the
* terms of the OpenSSL or SSLeay licenses, the licensors of the Program
* grant you additional permission to convey the resulting work.
* Corresponding Source for a non-source form of such a combination
* shall include the source code for the parts of OpenSSL used as well
* as that of the covered work.
*/
#include "gpg.hpp"
#include "util.hpp"
#include <sstream>
static std::string gpg_nth_column (const std::string& line, unsigned int col)
{
std::string::size_type pos = 0;
for (unsigned int i = 0; i < col; ++i) {
pos = line.find_first_of(':', pos);
if (pos == std::string::npos) {
throw Gpg_error("Malformed output from gpg");
}
pos = pos + 1;
}
const std::string::size_type end_pos = line.find_first_of(':', pos);
return end_pos != std::string::npos ?
line.substr(pos, end_pos - pos) :
line.substr(pos);
}
// given a key fingerprint, return the last 8 nibbles
std::string gpg_shorten_fingerprint (const std::string& fingerprint)
{
return fingerprint.size() == 40 ? fingerprint.substr(32) : fingerprint;
}
// given a key fingerprint, return the key's UID (e.g. "John Smith <jsmith@example.com>")
std::string gpg_get_uid (const std::string& fingerprint)
{
// gpg --batch --with-colons --fixed-list-mode --list-keys 0x7A399B2DB06D039020CD1CE1D0F3702D61489532
std::vector<std::string> command;
command.push_back("gpg");
command.push_back("--batch");
command.push_back("--with-colons");
command.push_back("--fixed-list-mode");
command.push_back("--list-keys");
command.push_back("0x" + fingerprint);
std::stringstream command_output;
if (!successful_exit(exec_command(command, command_output))) {
// This could happen if the keyring does not contain a public key with this fingerprint
return "";
}
while (command_output.peek() != -1) {
std::string line;
std::getline(command_output, line);
if (line.substr(0, 4) == "uid:") {
// uid:u::::1395975462::AB97D6E3E5D8789988CA55E5F77D9E7397D05229::John Smith <jsmith@example.com>:
// want the 9th column (counting from 0)
return gpg_nth_column(line, 9);
}
}
return "";
}
// return a list of fingerprints of public keys matching the given search query (such as jsmith@example.com)
std::vector<std::string> gpg_lookup_key (const std::string& query)
{
std::vector<std::string> fingerprints;
// gpg --batch --with-colons --fingerprint --list-keys jsmith@example.com
std::vector<std::string> command;
command.push_back("gpg");
command.push_back("--batch");
command.push_back("--with-colons");
command.push_back("--fingerprint");
command.push_back("--list-keys");
command.push_back(query);
std::stringstream command_output;
if (successful_exit(exec_command(command, command_output))) {
while (command_output.peek() != -1) {
std::string line;
std::getline(command_output, line);
if (line.substr(0, 4) == "fpr:") {
// fpr:::::::::7A399B2DB06D039020CD1CE1D0F3702D61489532:
// want the 9th column (counting from 0)
fingerprints.push_back(gpg_nth_column(line, 9));
}
}
}
return fingerprints;
}
std::vector<std::string> gpg_list_secret_keys ()
{
// gpg --batch --with-colons --list-secret-keys --fingerprint
std::vector<std::string> command;
command.push_back("gpg");
command.push_back("--batch");
command.push_back("--with-colons");
command.push_back("--list-secret-keys");
command.push_back("--fingerprint");
std::stringstream command_output;
if (!successful_exit(exec_command(command, command_output))) {
throw Gpg_error("gpg --list-secret-keys failed");
}
std::vector<std::string> secret_keys;
while (command_output.peek() != -1) {
std::string line;
std::getline(command_output, line);
if (line.substr(0, 4) == "fpr:") {
// fpr:::::::::7A399B2DB06D039020CD1CE1D0F3702D61489532:
// want the 9th column (counting from 0)
secret_keys.push_back(gpg_nth_column(line, 9));
}
}
return secret_keys;
}
void gpg_encrypt_to_file (const std::string& filename, const std::string& recipient_fingerprint, const char* p, size_t len)
{
// gpg --batch -o FILENAME -r RECIPIENT -e
std::vector<std::string> command;
command.push_back("gpg");
command.push_back("--batch");
command.push_back("-o");
command.push_back(filename);
command.push_back("-r");
command.push_back("0x" + recipient_fingerprint);
command.push_back("-e");
if (!successful_exit(exec_command_with_input(command, p, len))) {
throw Gpg_error("Failed to encrypt");
}
}
void gpg_decrypt_from_file (const std::string& filename, std::ostream& output)
{
// gpg -q -d FILENAME
std::vector<std::string> command;
command.push_back("gpg");
command.push_back("-q");
command.push_back("-d");
command.push_back(filename);
if (!successful_exit(exec_command(command, output))) {
throw Gpg_error("Failed to decrypt");
}
}

51
gpg.hpp
View File

@@ -1,51 +0,0 @@
/*
* Copyright 2014 Andrew Ayer
*
* This file is part of git-crypt.
*
* git-crypt is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* git-crypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with git-crypt. If not, see <http://www.gnu.org/licenses/>.
*
* Additional permission under GNU GPL version 3 section 7:
*
* If you modify the Program, or any covered work, by linking or
* combining it with the OpenSSL project's OpenSSL library (or a
* modified version of that library), containing parts covered by the
* terms of the OpenSSL or SSLeay licenses, the licensors of the Program
* grant you additional permission to convey the resulting work.
* Corresponding Source for a non-source form of such a combination
* shall include the source code for the parts of OpenSSL used as well
* as that of the covered work.
*/
#ifndef GIT_CRYPT_GPG_HPP
#define GIT_CRYPT_GPG_HPP
#include <string>
#include <vector>
#include <cstddef>
struct Gpg_error {
std::string message;
explicit Gpg_error (std::string m) : message(m) { }
};
std::string gpg_shorten_fingerprint (const std::string& fingerprint);
std::string gpg_get_uid (const std::string& fingerprint);
std::vector<std::string> gpg_lookup_key (const std::string& query);
std::vector<std::string> gpg_list_secret_keys ();
void gpg_encrypt_to_file (const std::string& filename, const std::string& recipient_fingerprint, const char* p, size_t len);
void gpg_decrypt_from_file (const std::string& filename, std::ostream&);
#endif

336
key.cpp
View File

@@ -1,336 +0,0 @@
/*
* Copyright 2014 Andrew Ayer
*
* This file is part of git-crypt.
*
* git-crypt is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* git-crypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with git-crypt. If not, see <http://www.gnu.org/licenses/>.
*
* Additional permission under GNU GPL version 3 section 7:
*
* If you modify the Program, or any covered work, by linking or
* combining it with the OpenSSL project's OpenSSL library (or a
* modified version of that library), containing parts covered by the
* terms of the OpenSSL or SSLeay licenses, the licensors of the Program
* grant you additional permission to convey the resulting work.
* Corresponding Source for a non-source form of such a combination
* shall include the source code for the parts of OpenSSL used as well
* as that of the covered work.
*/
#include "key.hpp"
#include "util.hpp"
#include "crypto.hpp"
#include <sys/types.h>
#include <sys/stat.h>
#include <stdint.h>
#include <fstream>
#include <istream>
#include <ostream>
#include <sstream>
#include <cstring>
#include <stdexcept>
#include <vector>
Key_file::Entry::Entry ()
{
version = 0;
explicit_memset(aes_key, 0, AES_KEY_LEN);
explicit_memset(hmac_key, 0, HMAC_KEY_LEN);
}
void Key_file::Entry::load (std::istream& in)
{
while (true) {
uint32_t field_id;
if (!read_be32(in, field_id)) {
throw Malformed();
}
if (field_id == KEY_FIELD_END) {
break;
}
uint32_t field_len;
if (!read_be32(in, field_len)) {
throw Malformed();
}
if (field_id == KEY_FIELD_VERSION) {
if (field_len != 4) {
throw Malformed();
}
if (!read_be32(in, version)) {
throw Malformed();
}
} else if (field_id == KEY_FIELD_AES_KEY) {
if (field_len != AES_KEY_LEN) {
throw Malformed();
}
in.read(reinterpret_cast<char*>(aes_key), AES_KEY_LEN);
if (in.gcount() != AES_KEY_LEN) {
throw Malformed();
}
} else if (field_id == KEY_FIELD_HMAC_KEY) {
if (field_len != HMAC_KEY_LEN) {
throw Malformed();
}
in.read(reinterpret_cast<char*>(hmac_key), HMAC_KEY_LEN);
if (in.gcount() != HMAC_KEY_LEN) {
throw Malformed();
}
} else if (field_id & 1) { // unknown critical field
throw Incompatible();
} else {
// unknown non-critical field - safe to ignore
if (field_len > MAX_FIELD_LEN) {
throw Malformed();
}
in.ignore(field_len);
if (in.gcount() != static_cast<std::streamsize>(field_len)) {
throw Malformed();
}
}
}
}
void Key_file::Entry::load_legacy (uint32_t arg_version, std::istream& in)
{
version = arg_version;
// First comes the AES key
in.read(reinterpret_cast<char*>(aes_key), AES_KEY_LEN);
if (in.gcount() != AES_KEY_LEN) {
throw Malformed();
}
// Then the HMAC key
in.read(reinterpret_cast<char*>(hmac_key), HMAC_KEY_LEN);
if (in.gcount() != HMAC_KEY_LEN) {
throw Malformed();
}
if (in.peek() != -1) {
// Trailing data is a good indication that we are not actually reading a
// legacy key file. (This is important to check since legacy key files
// did not have any sort of file header.)
throw Malformed();
}
}
void Key_file::Entry::store (std::ostream& out) const
{
// Version
write_be32(out, KEY_FIELD_VERSION);
write_be32(out, 4);
write_be32(out, version);
// AES key
write_be32(out, KEY_FIELD_AES_KEY);
write_be32(out, AES_KEY_LEN);
out.write(reinterpret_cast<const char*>(aes_key), AES_KEY_LEN);
// HMAC key
write_be32(out, KEY_FIELD_HMAC_KEY);
write_be32(out, HMAC_KEY_LEN);
out.write(reinterpret_cast<const char*>(hmac_key), HMAC_KEY_LEN);
// End
write_be32(out, KEY_FIELD_END);
}
void Key_file::Entry::generate (uint32_t arg_version)
{
version = arg_version;
random_bytes(aes_key, AES_KEY_LEN);
random_bytes(hmac_key, HMAC_KEY_LEN);
}
const Key_file::Entry* Key_file::get_latest () const
{
return is_filled() ? get(latest()) : 0;
}
const Key_file::Entry* Key_file::get (uint32_t version) const
{
Map::const_iterator it(entries.find(version));
return it != entries.end() ? &it->second : 0;
}
void Key_file::add (const Entry& entry)
{
entries[entry.version] = entry;
}
void Key_file::load_legacy (std::istream& in)
{
entries[0].load_legacy(0, in);
}
void Key_file::load (std::istream& in)
{
unsigned char preamble[16];
in.read(reinterpret_cast<char*>(preamble), 16);
if (in.gcount() != 16) {
throw Malformed();
}
if (std::memcmp(preamble, "\0GITCRYPTKEY", 12) != 0) {
throw Malformed();
}
if (load_be32(preamble + 12) != FORMAT_VERSION) {
throw Incompatible();
}
load_header(in);
while (in.peek() != -1) {
Entry entry;
entry.load(in);
add(entry);
}
}
void Key_file::load_header (std::istream& in)
{
while (true) {
uint32_t field_id;
if (!read_be32(in, field_id)) {
throw Malformed();
}
if (field_id == HEADER_FIELD_END) {
break;
}
uint32_t field_len;
if (!read_be32(in, field_len)) {
throw Malformed();
}
if (field_id == HEADER_FIELD_KEY_NAME) {
if (field_len > KEY_NAME_MAX_LEN) {
throw Malformed();
}
if (field_len == 0) {
// special case field_len==0 to avoid possible undefined behavior
// edge cases with an empty std::vector (particularly, &bytes[0]).
key_name.clear();
} else {
std::vector<char> bytes(field_len);
in.read(&bytes[0], field_len);
if (in.gcount() != static_cast<std::streamsize>(field_len)) {
throw Malformed();
}
key_name.assign(&bytes[0], field_len);
}
if (!validate_key_name(key_name.c_str())) {
key_name.clear();
throw Malformed();
}
} else if (field_id & 1) { // unknown critical field
throw Incompatible();
} else {
// unknown non-critical field - safe to ignore
if (field_len > MAX_FIELD_LEN) {
throw Malformed();
}
in.ignore(field_len);
if (in.gcount() != static_cast<std::streamsize>(field_len)) {
throw Malformed();
}
}
}
}
void Key_file::store (std::ostream& out) const
{
out.write("\0GITCRYPTKEY", 12);
write_be32(out, FORMAT_VERSION);
if (!key_name.empty()) {
write_be32(out, HEADER_FIELD_KEY_NAME);
write_be32(out, key_name.size());
out.write(key_name.data(), key_name.size());
}
write_be32(out, HEADER_FIELD_END);
for (Map::const_iterator it(entries.begin()); it != entries.end(); ++it) {
it->second.store(out);
}
}
bool Key_file::load_from_file (const char* key_file_name)
{
std::ifstream key_file_in(key_file_name, std::fstream::binary);
if (!key_file_in) {
return false;
}
load(key_file_in);
return true;
}
bool Key_file::store_to_file (const char* key_file_name) const
{
create_protected_file(key_file_name);
std::ofstream key_file_out(key_file_name, std::fstream::binary);
if (!key_file_out) {
return false;
}
store(key_file_out);
key_file_out.close();
if (!key_file_out) {
return false;
}
return true;
}
std::string Key_file::store_to_string () const
{
std::ostringstream ss;
store(ss);
return ss.str();
}
void Key_file::generate ()
{
uint32_t version(is_empty() ? 0 : latest() + 1);
entries[version].generate(version);
}
uint32_t Key_file::latest () const
{
if (is_empty()) {
throw std::invalid_argument("Key_file::latest");
}
return entries.begin()->first;
}
bool validate_key_name (const char* key_name, std::string* reason)
{
if (!*key_name) {
if (reason) { *reason = "Key name may not be empty"; }
return false;
}
if (std::strcmp(key_name, "default") == 0) {
if (reason) { *reason = "`default' is not a legal key name"; }
return false;
}
// Need to be restrictive with key names because they're used as part of a Git filter name
size_t len = 0;
while (char c = *key_name++) {
if (!std::isalnum(c) && c != '-' && c != '_') {
if (reason) { *reason = "Key names may contain only A-Z, a-z, 0-9, '-', and '_'"; }
return false;
}
if (++len > KEY_NAME_MAX_LEN) {
if (reason) { *reason = "Key name is too long"; }
return false;
}
}
return true;
}

116
key.hpp
View File

@@ -1,116 +0,0 @@
/*
* Copyright 2014 Andrew Ayer
*
* This file is part of git-crypt.
*
* git-crypt is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* git-crypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with git-crypt. If not, see <http://www.gnu.org/licenses/>.
*
* Additional permission under GNU GPL version 3 section 7:
*
* If you modify the Program, or any covered work, by linking or
* combining it with the OpenSSL project's OpenSSL library (or a
* modified version of that library), containing parts covered by the
* terms of the OpenSSL or SSLeay licenses, the licensors of the Program
* grant you additional permission to convey the resulting work.
* Corresponding Source for a non-source form of such a combination
* shall include the source code for the parts of OpenSSL used as well
* as that of the covered work.
*/
#ifndef GIT_CRYPT_KEY_HPP
#define GIT_CRYPT_KEY_HPP
#include <map>
#include <functional>
#include <stdint.h>
#include <iosfwd>
#include <string>
enum {
HMAC_KEY_LEN = 64,
AES_KEY_LEN = 32
};
struct Key_file {
public:
struct Entry {
uint32_t version;
unsigned char aes_key[AES_KEY_LEN];
unsigned char hmac_key[HMAC_KEY_LEN];
Entry ();
void load (std::istream&);
void load_legacy (uint32_t version, std::istream&);
void store (std::ostream&) const;
void generate (uint32_t version);
};
struct Malformed { }; // exception class
struct Incompatible { }; // exception class
const Entry* get_latest () const;
const Entry* get (uint32_t version) const;
void add (const Entry&);
void load_legacy (std::istream&);
void load (std::istream&);
void store (std::ostream&) const;
bool load_from_file (const char* filename);
bool store_to_file (const char* filename) const;
std::string store_to_string () const;
void generate ();
bool is_empty () const { return entries.empty(); }
bool is_filled () const { return !is_empty(); }
uint32_t latest () const;
void set_key_name (const char* k) { key_name = k ? k : ""; }
const char* get_key_name () const { return key_name.empty() ? 0 : key_name.c_str(); }
private:
typedef std::map<uint32_t, Entry, std::greater<uint32_t> > Map;
enum { FORMAT_VERSION = 2 };
Map entries;
std::string key_name;
void load_header (std::istream&);
enum {
HEADER_FIELD_END = 0,
HEADER_FIELD_KEY_NAME = 1
};
enum {
KEY_FIELD_END = 0,
KEY_FIELD_VERSION = 1,
KEY_FIELD_AES_KEY = 3,
KEY_FIELD_HMAC_KEY = 5
};
enum {
MAX_FIELD_LEN = 1<<20
};
};
enum {
KEY_NAME_MAX_LEN = 128
};
bool validate_key_name (const char* key_name, std::string* reason =0);
#endif

118
parse_options.cpp
View File

@@ -1,118 +0,0 @@
/*
* Copyright 2014 Andrew Ayer
*
* This file is part of git-crypt.
*
* git-crypt is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* git-crypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with git-crypt. If not, see <http://www.gnu.org/licenses/>.
*
* Additional permission under GNU GPL version 3 section 7:
*
* If you modify the Program, or any covered work, by linking or
* combining it with the OpenSSL project's OpenSSL library (or a
* modified version of that library), containing parts covered by the
* terms of the OpenSSL or SSLeay licenses, the licensors of the Program
* grant you additional permission to convey the resulting work.
* Corresponding Source for a non-source form of such a combination
* shall include the source code for the parts of OpenSSL used as well
* as that of the covered work.
*/
#include "parse_options.hpp"
#include <cstring>
static const Option_def* find_option (const Options_list& options, const std::string& name)
{
for (Options_list::const_iterator opt(options.begin()); opt != options.end(); ++opt) {
if (opt->name == name) {
return &*opt;
}
}
return 0;
}
int parse_options (const Options_list& options, int argc, const char** argv)
{
int argi = 0;
while (argi < argc && argv[argi][0] == '-') {
if (std::strcmp(argv[argi], "--") == 0) {
++argi;
break;
} else if (std::strncmp(argv[argi], "--", 2) == 0) {
std::string option_name;
const char* option_value = 0;
if (const char* eq = std::strchr(argv[argi], '=')) {
option_name.assign(argv[argi], eq);
option_value = eq + 1;
} else {
option_name = argv[argi];
}
++argi;
const Option_def* opt(find_option(options, option_name));
if (!opt) {
throw Option_error(option_name, "Invalid option");
}
if (opt->is_set) {
*opt->is_set = true;
}
if (opt->value) {
if (option_value) {
*opt->value = option_value;
} else {
if (argi >= argc) {
throw Option_error(option_name, "Option requires a value");
}
*opt->value = argv[argi];
++argi;
}
} else {
if (option_value) {
throw Option_error(option_name, "Option takes no value");
}
}
} else {
const char* arg = argv[argi] + 1;
++argi;
while (*arg) {
std::string option_name("-");
option_name.push_back(*arg);
++arg;
const Option_def* opt(find_option(options, option_name));
if (!opt) {
throw Option_error(option_name, "Invalid option");
}
if (opt->is_set) {
*opt->is_set = true;
}
if (opt->value) {
if (*arg) {
*opt->value = arg;
} else {
if (argi >= argc) {
throw Option_error(option_name, "Option requires a value");
}
*opt->value = argv[argi];
++argi;
}
break;
}
}
}
}
return argi;
}

60
parse_options.hpp
View File

@@ -1,60 +0,0 @@
/*
* Copyright 2014 Andrew Ayer
*
* This file is part of git-crypt.
*
* git-crypt is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* git-crypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with git-crypt. If not, see <http://www.gnu.org/licenses/>.
*
* Additional permission under GNU GPL version 3 section 7:
*
* If you modify the Program, or any covered work, by linking or
* combining it with the OpenSSL project's OpenSSL library (or a
* modified version of that library), containing parts covered by the
* terms of the OpenSSL or SSLeay licenses, the licensors of the Program
* grant you additional permission to convey the resulting work.
* Corresponding Source for a non-source form of such a combination
* shall include the source code for the parts of OpenSSL used as well
* as that of the covered work.
*/
#ifndef PARSE_OPTIONS_HPP
#define PARSE_OPTIONS_HPP
#include <string>
#include <vector>
struct Option_def {
std::string name;
bool* is_set;
const char** value;
Option_def () : is_set(0), value(0) { }
Option_def (const std::string& arg_name, bool* arg_is_set)
: name(arg_name), is_set(arg_is_set), value(0) { }
Option_def (const std::string& arg_name, const char** arg_value)
: name(arg_name), is_set(0), value(arg_value) { }
};
typedef std::vector<Option_def> Options_list;
int parse_options (const Options_list& options, int argc, const char** argv);
struct Option_error {
std::string option_name;
std::string message;
Option_error (const std::string& n, const std::string& m) : option_name(n), message(m) { }
};
#endif

334
util-unix.cpp
View File

@@ -1,334 +0,0 @@
/*
* Copyright 2012, 2014 Andrew Ayer
*
* This file is part of git-crypt.
*
* git-crypt is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* git-crypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with git-crypt. If not, see <http://www.gnu.org/licenses/>.
*
* Additional permission under GNU GPL version 3 section 7:
*
* If you modify the Program, or any covered work, by linking or
* combining it with the OpenSSL project's OpenSSL library (or a
* modified version of that library), containing parts covered by the
* terms of the OpenSSL or SSLeay licenses, the licensors of the Program
* grant you additional permission to convey the resulting work.
* Corresponding Source for a non-source form of such a combination
* shall include the source code for the parts of OpenSSL used as well
* as that of the covered work.
*/
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/time.h>
#include <errno.h>
#include <utime.h>
#include <unistd.h>
#include <stdio.h>
#include <limits.h>
#include <fcntl.h>
#include <stdlib.h>
#include <dirent.h>
#include <vector>
#include <string>
#include <cstring>
std::string System_error::message () const
{
std::string mesg(action);
if (!target.empty()) {
mesg += ": ";
mesg += target;
}
if (error) {
mesg += ": ";
mesg += strerror(error);
}
return mesg;
}
void temp_fstream::open (std::ios_base::openmode mode)
{
close();
const char* tmpdir = getenv("TMPDIR");
size_t tmpdir_len = tmpdir ? std::strlen(tmpdir) : 0;
if (tmpdir_len == 0 || tmpdir_len > 4096) {
// no $TMPDIR or it's excessively long => fall back to /tmp
tmpdir = "/tmp";
tmpdir_len = 4;
}
std::vector<char> path_buffer(tmpdir_len + 18);
char* path = &path_buffer[0];
std::strcpy(path, tmpdir);
std::strcpy(path + tmpdir_len, "/git-crypt.XXXXXX");
mode_t old_umask = umask(0077);
int fd = mkstemp(path);
if (fd == -1) {
int mkstemp_errno = errno;
umask(old_umask);
throw System_error("mkstemp", "", mkstemp_errno);
}
umask(old_umask);
std::fstream::open(path, mode);
if (!std::fstream::is_open()) {
unlink(path);
::close(fd);
throw System_error("std::fstream::open", path, 0);
}
unlink(path);
::close(fd);
}
void temp_fstream::close ()
{
if (std::fstream::is_open()) {
std::fstream::close();
}
}
void mkdir_parent (const std::string& path)
{
std::string::size_type slash(path.find('/', 1));
while (slash != std::string::npos) {
std::string prefix(path.substr(0, slash));
struct stat status;
if (stat(prefix.c_str(), &status) == 0) {
// already exists - make sure it's a directory
if (!S_ISDIR(status.st_mode)) {
throw System_error("mkdir_parent", prefix, ENOTDIR);
}
} else {
if (errno != ENOENT) {
throw System_error("mkdir_parent", prefix, errno);
}
// doesn't exist - mkdir it
if (mkdir(prefix.c_str(), 0777) == -1) {
throw System_error("mkdir", prefix, errno);
}
}
slash = path.find('/', slash + 1);
}
}
static std::string readlink (const char* pathname)
{
std::vector<char> buffer(64);
ssize_t len;
while ((len = ::readlink(pathname, &buffer[0], buffer.size())) == static_cast<ssize_t>(buffer.size())) {
// buffer may have been truncated - grow and try again
buffer.resize(buffer.size() * 2);
}
if (len == -1) {
throw System_error("readlink", pathname, errno);
}
return std::string(buffer.begin(), buffer.begin() + len);
}
std::string our_exe_path ()
{
try {
return readlink("/proc/self/exe");
} catch (const System_error&) {
if (argv0[0] == '/') {
// argv[0] starts with / => it's an absolute path
return argv0;
} else if (std::strchr(argv0, '/')) {
// argv[0] contains / => it a relative path that should be resolved
char* resolved_path_p = realpath(argv0, NULL);
std::string resolved_path(resolved_path_p);
free(resolved_path_p);
return resolved_path;
} else {
// argv[0] is just a bare filename => not much we can do
return argv0;
}
}
}
static int execvp (const std::string& file, const std::vector<std::string>& args)
{
std::vector<const char*> args_c_str;
args_c_str.reserve(args.size());
for (std::vector<std::string>::const_iterator arg(args.begin()); arg != args.end(); ++arg) {
args_c_str.push_back(arg->c_str());
}
args_c_str.push_back(NULL);
return execvp(file.c_str(), const_cast<char**>(&args_c_str[0]));
}
int exec_command (const std::vector<std::string>& command)
{
pid_t child = fork();
if (child == -1) {
throw System_error("fork", "", errno);
}
if (child == 0) {
execvp(command[0], command);
perror(command[0].c_str());
_exit(-1);
}
int status = 0;
if (waitpid(child, &status, 0) == -1) {
throw System_error("waitpid", "", errno);
}
return status;
}
int exec_command (const std::vector<std::string>& command, std::ostream& output)
{
int pipefd[2];
if (pipe(pipefd) == -1) {
throw System_error("pipe", "", errno);
}
pid_t child = fork();
if (child == -1) {
int fork_errno = errno;
close(pipefd[0]);
close(pipefd[1]);
throw System_error("fork", "", fork_errno);
}
if (child == 0) {
close(pipefd[0]);
if (pipefd[1] != 1) {
dup2(pipefd[1], 1);
close(pipefd[1]);
}
execvp(command[0], command);
perror(command[0].c_str());
_exit(-1);
}
close(pipefd[1]);
char buffer[1024];
ssize_t bytes_read;
while ((bytes_read = read(pipefd[0], buffer, sizeof(buffer))) > 0) {
output.write(buffer, bytes_read);
}
if (bytes_read == -1) {
int read_errno = errno;
close(pipefd[0]);
throw System_error("read", "", read_errno);
}
close(pipefd[0]);
int status = 0;
if (waitpid(child, &status, 0) == -1) {
throw System_error("waitpid", "", errno);
}
return status;
}
int exec_command_with_input (const std::vector<std::string>& command, const char* p, size_t len)
{
int pipefd[2];
if (pipe(pipefd) == -1) {
throw System_error("pipe", "", errno);
}
pid_t child = fork();
if (child == -1) {
int fork_errno = errno;
close(pipefd[0]);
close(pipefd[1]);
throw System_error("fork", "", fork_errno);
}
if (child == 0) {
close(pipefd[1]);
if (pipefd[0] != 0) {
dup2(pipefd[0], 0);
close(pipefd[0]);
}
execvp(command[0], command);
perror(command[0].c_str());
_exit(-1);
}
close(pipefd[0]);
while (len > 0) {
ssize_t bytes_written = write(pipefd[1], p, len);
if (bytes_written == -1) {
int write_errno = errno;
close(pipefd[1]);
throw System_error("write", "", write_errno);
}
p += bytes_written;
len -= bytes_written;
}
close(pipefd[1]);
int status = 0;
if (waitpid(child, &status, 0) == -1) {
throw System_error("waitpid", "", errno);
}
return status;
}
bool successful_exit (int status)
{
return status != -1 && WIFEXITED(status) && WEXITSTATUS(status) == 0;
}
void touch_file (const std::string& filename)
{
if (utimes(filename.c_str(), NULL) == -1) {
throw System_error("utimes", filename, errno);
}
}
void remove_file (const std::string& filename)
{
if (unlink(filename.c_str()) == -1) {
throw System_error("unlink", filename, errno);
}
}
static void init_std_streams_platform ()
{
}
void create_protected_file (const char* path)
{
int fd = open(path, O_WRONLY | O_CREAT, 0600);
if (fd == -1) {
throw System_error("open", path, errno);
}
close(fd);
}
int util_rename (const char* from, const char* to)
{
return rename(from, to);
}
static int dirfilter (const struct dirent* ent)
{
// filter out . and ..
return std::strcmp(ent->d_name, ".") != 0 && std::strcmp(ent->d_name, "..") != 0;
}
std::vector<std::string> get_directory_contents (const char* path)
{
struct dirent** namelist;
int n = scandir(path, &namelist, dirfilter, alphasort);
if (n == -1) {
throw System_error("scandir", path, errno);
}
std::vector<std::string> contents(n);
for (int i = 0; i < n; ++i) {
contents[i] = namelist[i]->d_name;
free(namelist[i]);
}
free(namelist);
return contents;
}

393
util-win32.cpp
View File

@@ -1,393 +0,0 @@
/*
* Copyright 2014 Andrew Ayer
*
* This file is part of git-crypt.
*
* git-crypt is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* git-crypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with git-crypt. If not, see <http://www.gnu.org/licenses/>.
*
* Additional permission under GNU GPL version 3 section 7:
*
* If you modify the Program, or any covered work, by linking or
* combining it with the OpenSSL project's OpenSSL library (or a
* modified version of that library), containing parts covered by the
* terms of the OpenSSL or SSLeay licenses, the licensors of the Program
* grant you additional permission to convey the resulting work.
* Corresponding Source for a non-source form of such a combination
* shall include the source code for the parts of OpenSSL used as well
* as that of the covered work.
*/
#include <io.h>
#include <stdio.h>
#include <fcntl.h>
#include <windows.h>
#include <vector>
#include <cstring>
std::string System_error::message () const
{
std::string mesg(action);
if (!target.empty()) {
mesg += ": ";
mesg += target;
}
if (error) {
LPTSTR error_message;
FormatMessageA(
FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
NULL,
error,
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
reinterpret_cast<LPTSTR>(&error_message),
0,
NULL);
mesg += error_message;
LocalFree(error_message);
}
return mesg;
}
void temp_fstream::open (std::ios_base::openmode mode)
{
close();
char tmpdir[MAX_PATH + 1];
DWORD ret = GetTempPath(sizeof(tmpdir), tmpdir);
if (ret == 0) {
throw System_error("GetTempPath", "", GetLastError());
} else if (ret > sizeof(tmpdir) - 1) {
throw System_error("GetTempPath", "", ERROR_BUFFER_OVERFLOW);
}
char tmpfilename[MAX_PATH + 1];
if (GetTempFileName(tmpdir, TEXT("git-crypt"), 0, tmpfilename) == 0) {
throw System_error("GetTempFileName", "", GetLastError());
}
filename = tmpfilename;
std::fstream::open(filename.c_str(), mode);
if (!std::fstream::is_open()) {
DeleteFile(filename.c_str());
throw System_error("std::fstream::open", filename, 0);
}
}
void temp_fstream::close ()
{
if (std::fstream::is_open()) {
std::fstream::close();
DeleteFile(filename.c_str());
}
}
void mkdir_parent (const std::string& path)
{
std::string::size_type slash(path.find('/', 1));
while (slash != std::string::npos) {
std::string prefix(path.substr(0, slash));
if (GetFileAttributes(prefix.c_str()) == INVALID_FILE_ATTRIBUTES) {
// prefix does not exist, so try to create it
if (!CreateDirectory(prefix.c_str(), NULL)) {
throw System_error("CreateDirectory", prefix, GetLastError());
}
}
slash = path.find('/', slash + 1);
}
}
std::string our_exe_path ()
{
std::vector<char> buffer(128);
size_t len;
while ((len = GetModuleFileNameA(NULL, &buffer[0], buffer.size())) == buffer.size()) {
// buffer may have been truncated - grow and try again
buffer.resize(buffer.size() * 2);
}
if (len == 0) {
throw System_error("GetModuleFileNameA", "", GetLastError());
}
return std::string(buffer.begin(), buffer.begin() + len);
}
static void escape_cmdline_argument (std::string& cmdline, const std::string& arg)
{
// For an explanation of Win32's arcane argument quoting rules, see:
// http://msdn.microsoft.com/en-us/library/17w5ykft%28v=vs.85%29.aspx
// http://msdn.microsoft.com/en-us/library/bb776391%28v=vs.85%29.aspx
// http://blogs.msdn.com/b/twistylittlepassagesallalike/archive/2011/04/23/everyone-quotes-arguments-the-wrong-way.aspx
// http://blogs.msdn.com/b/oldnewthing/archive/2010/09/17/10063629.aspx
cmdline.push_back('"');
std::string::const_iterator p(arg.begin());
while (p != arg.end()) {
if (*p == '"') {
cmdline.push_back('\\');
cmdline.push_back('"');
++p;
} else if (*p == '\\') {
unsigned int num_backslashes = 0;
while (p != arg.end() && *p == '\\') {
++num_backslashes;
++p;
}
if (p == arg.end() || *p == '"') {
// Backslashes need to be escaped
num_backslashes *= 2;
}
while (num_backslashes--) {
cmdline.push_back('\\');
}
} else {
cmdline.push_back(*p++);
}
}
cmdline.push_back('"');
}
static std::string format_cmdline (const std::vector<std::string>& command)
{
std::string cmdline;
for (std::vector<std::string>::const_iterator arg(command.begin()); arg != command.end(); ++arg) {
if (arg != command.begin()) {
cmdline.push_back(' ');
}
escape_cmdline_argument(cmdline, *arg);
}
return cmdline;
}
static int wait_for_child (HANDLE child_handle)
{
if (WaitForSingleObject(child_handle, INFINITE) == WAIT_FAILED) {
throw System_error("WaitForSingleObject", "", GetLastError());
}
DWORD exit_code;
if (!GetExitCodeProcess(child_handle, &exit_code)) {
throw System_error("GetExitCodeProcess", "", GetLastError());
}
return exit_code;
}
static HANDLE spawn_command (const std::vector<std::string>& command, HANDLE stdin_handle, HANDLE stdout_handle, HANDLE stderr_handle)
{
PROCESS_INFORMATION proc_info;
ZeroMemory(&proc_info, sizeof(proc_info));
STARTUPINFO start_info;
ZeroMemory(&start_info, sizeof(start_info));
start_info.cb = sizeof(STARTUPINFO);
start_info.hStdInput = stdin_handle ? stdin_handle : GetStdHandle(STD_INPUT_HANDLE);
start_info.hStdOutput = stdout_handle ? stdout_handle : GetStdHandle(STD_OUTPUT_HANDLE);
start_info.hStdError = stderr_handle ? stderr_handle : GetStdHandle(STD_ERROR_HANDLE);
start_info.dwFlags |= STARTF_USESTDHANDLES;
std::string cmdline(format_cmdline(command));
if (!CreateProcessA(NULL, // application name (NULL to use command line)
const_cast<char*>(cmdline.c_str()),
NULL, // process security attributes
NULL, // primary thread security attributes
TRUE, // handles are inherited
0, // creation flags
NULL, // use parent's environment
NULL, // use parent's current directory
&start_info,
&proc_info)) {
throw System_error("CreateProcess", cmdline, GetLastError());
}
CloseHandle(proc_info.hThread);
return proc_info.hProcess;
}
int exec_command (const std::vector<std::string>& command)
{
HANDLE child_handle = spawn_command(command, NULL, NULL, NULL);
int exit_code = wait_for_child(child_handle);
CloseHandle(child_handle);
return exit_code;
}
int exec_command (const std::vector<std::string>& command, std::ostream& output)
{
HANDLE stdout_pipe_reader = NULL;
HANDLE stdout_pipe_writer = NULL;
SECURITY_ATTRIBUTES sec_attr;
// Set the bInheritHandle flag so pipe handles are inherited.
sec_attr.nLength = sizeof(SECURITY_ATTRIBUTES);
sec_attr.bInheritHandle = TRUE;
sec_attr.lpSecurityDescriptor = NULL;
// Create a pipe for the child process's STDOUT.
if (!CreatePipe(&stdout_pipe_reader, &stdout_pipe_writer, &sec_attr, 0)) {
throw System_error("CreatePipe", "", GetLastError());
}
// Ensure the read handle to the pipe for STDOUT is not inherited.
if (!SetHandleInformation(stdout_pipe_reader, HANDLE_FLAG_INHERIT, 0)) {
throw System_error("SetHandleInformation", "", GetLastError());
}
HANDLE child_handle = spawn_command(command, NULL, stdout_pipe_writer, NULL);
CloseHandle(stdout_pipe_writer);
// Read from stdout_pipe_reader.
// Note that ReadFile on a pipe may return with bytes_read==0 if the other
// end of the pipe writes zero bytes, so don't break out of the read loop
// when this happens. When the other end of the pipe closes, ReadFile
// fails with ERROR_BROKEN_PIPE.
char buffer[1024];
DWORD bytes_read;
while (ReadFile(stdout_pipe_reader, buffer, sizeof(buffer), &bytes_read, NULL)) {
output.write(buffer, bytes_read);
}
const DWORD read_error = GetLastError();
if (read_error != ERROR_BROKEN_PIPE) {
throw System_error("ReadFile", "", read_error);
}
CloseHandle(stdout_pipe_reader);
int exit_code = wait_for_child(child_handle);
CloseHandle(child_handle);
return exit_code;
}
int exec_command_with_input (const std::vector<std::string>& command, const char* p, size_t len)
{
HANDLE stdin_pipe_reader = NULL;
HANDLE stdin_pipe_writer = NULL;
SECURITY_ATTRIBUTES sec_attr;
// Set the bInheritHandle flag so pipe handles are inherited.
sec_attr.nLength = sizeof(SECURITY_ATTRIBUTES);
sec_attr.bInheritHandle = TRUE;
sec_attr.lpSecurityDescriptor = NULL;
// Create a pipe for the child process's STDIN.
if (!CreatePipe(&stdin_pipe_reader, &stdin_pipe_writer, &sec_attr, 0)) {
throw System_error("CreatePipe", "", GetLastError());
}
// Ensure the write handle to the pipe for STDIN is not inherited.
if (!SetHandleInformation(stdin_pipe_writer, HANDLE_FLAG_INHERIT, 0)) {
throw System_error("SetHandleInformation", "", GetLastError());
}
HANDLE child_handle = spawn_command(command, stdin_pipe_reader, NULL, NULL);
CloseHandle(stdin_pipe_reader);
// Write to stdin_pipe_writer.
while (len > 0) {
DWORD bytes_written;
if (!WriteFile(stdin_pipe_writer, p, len, &bytes_written, NULL)) {
throw System_error("WriteFile", "", GetLastError());
}
p += bytes_written;
len -= bytes_written;
}
CloseHandle(stdin_pipe_writer);
int exit_code = wait_for_child(child_handle);
CloseHandle(child_handle);
return exit_code;
}
bool successful_exit (int status)
{
return status == 0;
}
void touch_file (const std::string& filename)
{
HANDLE fh = CreateFileA(filename.c_str(), FILE_WRITE_ATTRIBUTES, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
if (fh == INVALID_HANDLE_VALUE) {
throw System_error("CreateFileA", filename, GetLastError());
}
SYSTEMTIME system_time;
GetSystemTime(&system_time);
FILETIME file_time;
SystemTimeToFileTime(&system_time, &file_time);
if (!SetFileTime(fh, NULL, NULL, &file_time)) {
DWORD error = GetLastError();
CloseHandle(fh);
throw System_error("SetFileTime", filename, error);
}
CloseHandle(fh);
}
void remove_file (const std::string& filename)
{
if (!DeleteFileA(filename.c_str())) {
throw System_error("DeleteFileA", filename, GetLastError());
}
}
static void init_std_streams_platform ()
{
_setmode(_fileno(stdin), _O_BINARY);
_setmode(_fileno(stdout), _O_BINARY);
}
void create_protected_file (const char* path) // TODO
{
}
int util_rename (const char* from, const char* to)
{
// On Windows OS, it is necessary to ensure target file doesn't exist
unlink(to);
return rename(from, to);
}
std::vector<std::string> get_directory_contents (const char* path)
{
std::vector<std::string> filenames;
std::string patt(path);
if (!patt.empty() && patt[patt.size() - 1] != '/' && patt[patt.size() - 1] != '\\') {
patt.push_back('\\');
}
patt.push_back('*');
WIN32_FIND_DATAA ffd;
HANDLE h = FindFirstFileA(patt.c_str(), &ffd);
if (h == INVALID_HANDLE_VALUE) {
throw System_error("FindFirstFileA", patt, GetLastError());
}
do {
if (std::strcmp(ffd.cFileName, ".") != 0 && std::strcmp(ffd.cFileName, "..") != 0) {
filenames.push_back(ffd.cFileName);
}
} while (FindNextFileA(h, &ffd) != 0);
DWORD err = GetLastError();
if (err != ERROR_NO_MORE_FILES) {
throw System_error("FileNextFileA", patt, err);
}
FindClose(h);
return filenames;
}

166
util.cpp
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2012, 2014 Andrew Ayer
* Copyright 2012 Andrew Ayer
*
* This file is part of git-crypt.
*
@@ -28,10 +28,89 @@
* as that of the covered work.
*/
#include "git-crypt.hpp"
#include "util.hpp"
#include <string>
#include <iostream>
#include <cstring>
#include <cstdio>
#include <cstdlib>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/stat.h>
#include <unistd.h>
#include <errno.h>
#include <fstream>
int exec_command (const char* command, std::ostream& output)
{
int pipefd[2];
if (pipe(pipefd) == -1) {
perror("pipe");
std::exit(9);
}
pid_t child = fork();
if (child == -1) {
perror("fork");
std::exit(9);
}
if (child == 0) {
close(pipefd[0]);
if (pipefd[1] != 1) {
dup2(pipefd[1], 1);
close(pipefd[1]);
}
execl("/bin/sh", "sh", "-c", command, NULL);
exit(-1);
}
close(pipefd[1]);
char buffer[1024];
ssize_t bytes_read;
while ((bytes_read = read(pipefd[0], buffer, sizeof(buffer))) > 0) {
output.write(buffer, bytes_read);
}
close(pipefd[0]);
int status = 0;
waitpid(child, &status, 0);
return status;
}
std::string resolve_path (const char* path)
{
char* resolved_path_p = realpath(path, NULL);
std::string resolved_path(resolved_path_p);
free(resolved_path_p);
return resolved_path;
}
void open_tempfile (std::fstream& file, std::ios_base::openmode mode)
{
const char* tmpdir = getenv("TMPDIR");
size_t tmpdir_len;
if (tmpdir) {
tmpdir_len = strlen(tmpdir);
} else {
tmpdir = "/tmp";
tmpdir_len = 4;
}
char* path = new char[tmpdir_len + 18];
strcpy(path, tmpdir);
strcpy(path + tmpdir_len, "/git-crypt.XXXXXX");
mode_t old_umask = umask(0077);
int fd = mkstemp(path);
if (fd == -1) {
perror("mkstemp");
std::exit(9);
}
umask(old_umask);
file.open(path, mode);
if (!file.is_open()) {
perror("open");
unlink(path);
std::exit(9);
}
unlink(path);
close(fd);
delete[] path;
}
std::string escape_shell_arg (const std::string& str)
{
@@ -47,84 +126,3 @@ std::string escape_shell_arg (const std::string& str)
return new_str;
}
uint32_t load_be32 (const unsigned char* p)
{
return (static_cast<uint32_t>(p[3]) << 0) |
(static_cast<uint32_t>(p[2]) << 8) |
(static_cast<uint32_t>(p[1]) << 16) |
(static_cast<uint32_t>(p[0]) << 24);
}
void store_be32 (unsigned char* p, uint32_t i)
{
p[3] = i; i >>= 8;
p[2] = i; i >>= 8;
p[1] = i; i >>= 8;
p[0] = i;
}
bool read_be32 (std::istream& in, uint32_t& i)
{
unsigned char buffer[4];
in.read(reinterpret_cast<char*>(buffer), 4);
if (in.gcount() != 4) {
return false;
}
i = load_be32(buffer);
return true;
}
void write_be32 (std::ostream& out, uint32_t i)
{
unsigned char buffer[4];
store_be32(buffer, i);
out.write(reinterpret_cast<const char*>(buffer), 4);
}
void* explicit_memset (void* s, int c, std::size_t n)
{
volatile unsigned char* p = reinterpret_cast<unsigned char*>(s);
while (n--) {
*p++ = c;
}
return s;
}
static bool leakless_equals_char (const unsigned char* a, const unsigned char* b, std::size_t len)
{
volatile int diff = 0;
while (len > 0) {
diff |= *a++ ^ *b++;
--len;
}
return diff == 0;
}
bool leakless_equals (const void* a, const void* b, std::size_t len)
{
return leakless_equals_char(reinterpret_cast<const unsigned char*>(a), reinterpret_cast<const unsigned char*>(b), len);
}
static void init_std_streams_platform (); // platform-specific initialization
void init_std_streams ()
{
// The following two lines are essential for achieving good performance:
std::ios_base::sync_with_stdio(false);
std::cin.tie(0);
std::cin.exceptions(std::ios_base::badbit);
std::cout.exceptions(std::ios_base::badbit);
init_std_streams_platform();
}
#ifdef _WIN32
#include "util-win32.cpp"
#else
#include "util-unix.cpp"
#endif

50
util.hpp
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2012, 2014 Andrew Ayer
* Copyright 2012 Andrew Ayer
*
* This file is part of git-crypt.
*
@@ -28,55 +28,17 @@
* as that of the covered work.
*/
#ifndef GIT_CRYPT_UTIL_HPP
#define GIT_CRYPT_UTIL_HPP
#ifndef _UTIL_H
#define _UTIL_H
#include <string>
#include <ios>
#include <iosfwd>
#include <stdint.h>
#include <sys/types.h>
#include <fstream>
#include <vector>
struct System_error {
std::string action;
std::string target;
int error;
System_error (const std::string& a, const std::string& t, int e) : action(a), target(t), error(e) { }
std::string message () const;
};
class temp_fstream : public std::fstream {
std::string filename;
public:
~temp_fstream () { close(); }
void open (std::ios_base::openmode);
void close ();
};
void mkdir_parent (const std::string& path); // Create parent directories of path, __but not path itself__
std::string our_exe_path ();
int exec_command (const std::vector<std::string>&);
int exec_command (const std::vector<std::string>&, std::ostream& output);
int exec_command_with_input (const std::vector<std::string>&, const char* p, size_t len);
bool successful_exit (int status);
void touch_file (const std::string&);
void remove_file (const std::string&);
int exec_command (const char* command, std::ostream& output);
std::string resolve_path (const char* path);
void open_tempfile (std::fstream&, std::ios_base::openmode);
std::string escape_shell_arg (const std::string&);
uint32_t load_be32 (const unsigned char*);
void store_be32 (unsigned char*, uint32_t);
bool read_be32 (std::istream& in, uint32_t&);
void write_be32 (std::ostream& out, uint32_t);
void* explicit_memset (void* s, int c, size_t n); // memset that won't be optimized away
bool leakless_equals (const void* a, const void* b, size_t len); // compare bytes w/o leaking timing
void init_std_streams ();
void create_protected_file (const char* path); // create empty file accessible only by current user
int util_rename (const char*, const char*);
std::vector<std::string> get_directory_contents (const char* path);
#endif